Identification requirements of the Information Platform via certificate based authentication
To access the Information Platform (IP) we accept only electronic certificates issued by trusted service providers (TSP). The list of the registered service providers is available on the web page of the National Media and Infocommunications Authority. We accept certificates issued by all of these companies.
To access the Information Platform it is necessary to meet the below criteria:
- The digital certificate has to be issued by trusted public certificate authority (CA)
- The trusted public CA issues the digital certificate after the verification of the requestor’s/company’s identity. The issued digital certificate must be suitable to identify a user.
Certificates issued by trusted public CAs may be used to access the IPNew system only, given they are suitable for electronic identification of the User (autentication certificate), and meet the following criteria
- Version: v3
- Signature algorithm: sha256RSA
- Signature hash algorithm: sha256 (SHA1 not supported)
- Public key: RSA and at least 2048 Bits (ECC (384 Bits) not supported)
- Issuer: CRL list should be available/downloadable issued by 3rd party providers (internal PKI generated cert's not supported)
- Validity: at least 1 year expiration period (or more)
- Key Usage: Digital Signature (80)
- Enhanced Key Usage: Client Authentication
- The Subject field must contain E field and/or Subject Alternative Name (RFC822 Name): it has to include your valid email adress which the certificate was issued for (if both of them it must be the same). Certificates including host name values (DNS HOSTNAME) are not supported.
- Root and intermediate certificates should be available on request.
Documentation of the certificate usage are available from RBP site Documents/Usage of Electronic Certificate.